E-mail virus protection

by Marcin Policht
Viruses these days are most commonly delivered via e-mail, since that's the easiest way of reaching wide range of typically unsuspecting targets.

The trend actually started in non-Windows environments, by exploiting security holes in UNIX-based Sendmail. The principles were the same as in any of the recent notorious attacks carrying viruses with misleadingly innocent names: Melissa, Bubble Boy, Love Letter or Life Stages. The malicious program was launched automatically on the local system, used a discovery mechanism to find other targets, changed its name before propagating to them, and caused damage by crashing some vital operating system processes and executing itself repeatedly.

Its successors followed. The more clever ones operate using a client-server paradigm. Known as illicit servers, they install a server portion on a remote computer and allow a client running locally to take control. The best known examples are NetBus and NetBus Professional, Back Orifice (and the most recent Back Orifice 2000), and Netcat. The server piece is usually installed by a carrier program, typically an attachment to a friendly-looking message containing a script or a program (such as Whack-A-Mole tied to NetBus).

What are the best means of protection? One is mail monitoring, best exemplified by the widely publicized Carnivore. There are programs available in the public domain that work just like the one used by the FBI (check the Syngress "E-mail Virus Protection Handbook", ISBN 1-928994-23-7, for details). Another is encryption and signing, which protects message data and verifies the authenticity of its sender.

The book goes into the details of security settings on both server and client. E-mail client programs these days range from complex, feature-rich ones (such as Outlook) to Web-based, POP and IMAP clients (Outlook Express and Eudora) with rather limited functionality. Mail filtering, zone settings, disabling WSH (Windows Script Host) and Collaborative Data Objects, using S/MIME, PGP, SSL and other key-pair encryption methods, protection against HTML (also called dynamic) e-mail and exploits utilizing ActiveX, VBScript and JavaScript, a comprehensive analysis of client-side anti-virus applications and server-side e-mail content filters and scanners, and personal firewalls are just some of the book's highlights. In addition, there are separate sections dedicated to Windows 2000, Red Hat Linux 6, Exchange 5.5, and Sendmail security setup.
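To make the "mail filtering" and "protection against HTML e-mail" highlights concrete, here is a small server-side content filter of the kind the book discusses. It is an added example written for this review, not code from the book or from any product it covers; the blocked-extension list, the three sample messages and the policy decisions (quarantine, render as text, deliver) are assumptions constructed for the example. It parses an inbound message with Python's standard `email` library, quarantines any message carrying an attachment that Windows Script Host or the shell would execute, including the `something.txt.vbs` double-extension disguise, and flags messages whose only body is HTML so the client can be made to render them as plain text.

```python
"""Inbound e-mail content filter (added example, not the book's code)."""
import email
import os
from email import policy
from email.message import EmailMessage

# Extensions that WSH or the Windows shell runs directly when a user opens
# the attachment. Assumed policy list for this example, not the book's list.
BLOCKED_EXTENSIONS = {
    ".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh",
    ".exe", ".scr", ".pif", ".com", ".bat", ".cmd",
}


def parse_message(raw: str) -> EmailMessage:
    """Parse raw RFC 822 text into an EmailMessage (modern email API)."""
    return email.message_from_string(raw, policy=policy.default)


def blocked_attachments(msg: EmailMessage) -> list:
    """Return attachment filenames whose final extension is executable.

    Only the last extension matters: Windows acts on it, so lower-casing it
    and ignoring any earlier "harmless" extension defeats names such as
    invoice.txt.vbs that are meant to look like text files.
    """
    hits = []
    for part in msg.iter_attachments():      # empty for non-multipart mail
        name = part.get_filename() or ""
        ext = os.path.splitext(name)[1].lower()
        if ext in BLOCKED_EXTENSIONS:
            hits.append(name)
    return hits


def html_only_body(msg: EmailMessage) -> bool:
    """True when the message offers no text/plain body, only HTML."""
    return msg.get_body(("plain",)) is None and msg.get_body(("html",)) is not None


def evaluate(raw: str) -> dict:
    """Apply the filter policy and return a verdict for the message."""
    msg = parse_message(raw)
    blocked = blocked_attachments(msg)
    html_only = html_only_body(msg)
    if blocked:
        action = "quarantine"        # script/executable attachment present
    elif html_only:
        action = "render_as_text"    # deliver, but strip active content
    else:
        action = "deliver"
    return {
        "subject": msg["Subject"],
        "blocked_attachments": blocked,
        "html_only": html_only,
        "action": action,
    }


# Constructed sample messages for the example; none of these are real mail.
SAMPLE_SCRIPT_MAIL = """\
From: friend@example.org
To: user@example.org
Subject: Invoice
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="bnd"

--bnd
Content-Type: text/plain; charset="us-ascii"

Please see the attached invoice.
--bnd
Content-Type: application/octet-stream; name="invoice.txt.vbs"
Content-Disposition: attachment; filename="invoice.txt.vbs"
Content-Transfer-Encoding: 7bit

' constructed placeholder content, not a script
--bnd--
"""

SAMPLE_HTML_MAIL = """\
From: news@example.org
To: user@example.org
Subject: Newsletter
MIME-Version: 1.0
Content-Type: text/html; charset="us-ascii"

<html><body><p>Hello</p><script>/* constructed placeholder */</script></body></html>
"""

SAMPLE_PLAIN_MAIL = """\
From: colleague@example.org
To: user@example.org
Subject: Lunch
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"

Noon at the usual place?
"""

if __name__ == "__main__":
    for raw in (SAMPLE_SCRIPT_MAIL, SAMPLE_HTML_MAIL, SAMPLE_PLAIN_MAIL):
        print(evaluate(raw))
```

Run as-is, the script reports `quarantine` for the double-extension attachment, `render_as_text` for the HTML-only newsletter and `deliver` for the plain message. A production filter would additionally inspect attachment content rather than trust the filename alone, since the extension check is a cheap first gate rather than a complete scanner.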

I guess on the computer enthusiast's scale this would qualify as two joysticks up...